Manifest

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9a/ce824f-73c9-485e-8edc-8a38ea2b1f54/1/hesz_RfSMvvmsq22bLCv4N7pA7A.mft
File:                     hesz_RfSMvvmsq22bLCv4N7pA7A.mft (raw, json)
Hash identifier:          /YJ1neCBqUipTl4THln0hDtWpQhmA7d1v5241ZPqq0Q=
Subject key identifier:   1A:A4:87:EA:78:12:E5:87:A8:E4:97:5B:A0:9F:92:C9:D4:42:E1:14
Authority key identifier: 85:EB:33:FD:17:D2:32:FB:E6:B2:AD:B6:6C:B0:AF:E0:DE:E9:03:B0
Certificate issuer:       /CN=85eb33fd17d232fbe6b2adb66cb0afe0dee903b0
Certificate serial:       0194BA84540CE2F8B6678457CFAD579F5AD1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hesz_RfSMvvmsq22bLCv4N7pA7A.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9a/ce824f-73c9-485e-8edc-8a38ea2b1f54/1/hesz_RfSMvvmsq22bLCv4N7pA7A.mft
Manifest number:          02B6
Signing time:             Fri 31 Jan 2025 04:00:21 +0000
Manifest this update:     Fri 31 Jan 2025 04:00:21 +0000
Manifest next update:     Sat 01 Feb 2025 04:00:21 +0000
Files and hashes:         1: hesz_RfSMvvmsq22bLCv4N7pA7A.crl (hash: hj9RnJ8hfSo+bgNVrXtOyFm+tooGsH2XjZHNznJmcHk=)

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9a/ce824f-73c9-485e-8edc-8a38ea2b1f54/1/hesz_RfSMvvmsq22bLCv4N7pA7A.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9a/ce824f-73c9-485e-8edc-8a38ea2b1f54/1/hesz_RfSMvvmsq22bLCv4N7pA7A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hesz_RfSMvvmsq22bLCv4N7pA7A.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 01 Feb 2025 04:00:21 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:ba:84:54:0c:e2:f8:b6:67:84:57:cf:ad:57:9f:5a:d1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=85eb33fd17d232fbe6b2adb66cb0afe0dee903b0
        Validity
            Not Before: Jan 31 04:00:21 2025 GMT
            Not After : Feb  1 04:00:21 2025 GMT
        Subject: CN=1aa487ea7812e587a8e4975ba09f92c9d442e114
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:81:ef:1b:0d:f0:87:41:c6:1c:33:e5:7a:e4:
                    d7:1a:bd:3d:69:bc:3f:55:b3:59:95:37:35:28:89:
                    1e:8d:d2:7b:fe:f3:b6:37:8c:cf:fc:70:8e:4f:86:
                    c2:cd:70:ee:5e:ab:00:1c:6d:3a:32:ef:1e:8d:87:
                    83:f8:c6:e6:d0:52:38:36:10:ff:03:55:14:47:2c:
                    52:36:d0:f7:8b:2f:9d:b2:bc:37:2a:4c:32:b2:57:
                    3c:30:87:07:02:a0:2b:99:77:bc:c5:92:e1:2d:41:
                    47:e6:2c:e7:95:14:f8:ee:1a:2d:5d:26:5a:14:5d:
                    e6:27:d4:93:95:54:54:7a:49:b7:6f:8b:81:b2:43:
                    27:5b:85:d8:c9:a0:1b:e0:ad:b2:06:fd:50:0f:3c:
                    f4:78:55:e8:cb:6c:38:a4:bb:2e:45:8f:0b:0d:92:
                    97:8e:7b:4c:4e:72:1d:39:55:ac:22:c7:cf:68:b7:
                    38:59:f4:4f:b9:ad:1a:88:47:33:61:cb:ce:cd:37:
                    87:99:2b:53:ed:29:36:43:3b:44:88:4f:b8:10:45:
                    b6:05:9a:0f:4d:f8:86:2a:8c:08:e2:4d:0b:35:a4:
                    e8:0a:44:cb:81:8b:e6:ef:70:fa:be:76:8d:e3:2d:
                    06:f1:ec:fc:49:12:d9:6a:19:1b:06:7d:04:47:98:
                    26:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1A:A4:87:EA:78:12:E5:87:A8:E4:97:5B:A0:9F:92:C9:D4:42:E1:14
            X509v3 Authority Key Identifier:
                keyid:85:EB:33:FD:17:D2:32:FB:E6:B2:AD:B6:6C:B0:AF:E0:DE:E9:03:B0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hesz_RfSMvvmsq22bLCv4N7pA7A.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9a/ce824f-73c9-485e-8edc-8a38ea2b1f54/1/hesz_RfSMvvmsq22bLCv4N7pA7A.mft

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9a/ce824f-73c9-485e-8edc-8a38ea2b1f54/1/hesz_RfSMvvmsq22bLCv4N7pA7A.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4: inherit
                IPv6: inherit

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  inherit

    Signature Algorithm: sha256WithRSAEncryption
         0d:43:c0:73:00:c2:d9:26:7b:d4:96:5e:76:97:79:33:d6:c6:
         83:16:c4:09:23:96:3b:f5:28:56:81:82:8c:ab:52:05:34:ad:
         58:3f:d7:a5:2c:6c:73:2d:bd:36:64:88:81:b2:f8:25:95:65:
         c5:a3:8d:8c:14:dc:a0:fb:62:17:43:61:d3:b3:17:b3:27:c9:
         67:55:4a:24:e0:05:ed:84:cc:4a:dc:c3:46:9f:ec:87:ed:77:
         31:43:83:ed:19:d0:be:74:73:70:6a:04:94:58:54:fd:47:3f:
         1a:ce:83:27:e3:84:88:c9:2f:dd:8b:43:9a:31:07:49:af:aa:
         0b:37:1b:0b:6e:e8:fa:68:dc:f8:f3:74:93:d3:59:22:9d:d1:
         36:c8:95:5a:70:71:9c:c8:2b:25:50:d4:b0:58:29:5d:2c:e0:
         d8:47:c3:8a:0c:ec:a7:5a:d8:6a:bc:8d:7f:a1:36:4e:a5:1d:
         e3:df:e2:7c:e3:55:57:a5:3b:a8:99:08:3f:21:41:66:d5:f4:
         42:cd:53:a6:18:09:fc:92:5b:c8:f1:37:21:a7:60:d6:88:85:
         d1:2d:b8:89:68:b5:51:74:72:c0:5a:1e:0d:cc:2e:79:02:f1:
         09:40:10:79:10:0a:31:d4:87:39:6e:54:b5:67:1a:50:30:7c:
         31:a8:42:50
-----BEGIN CERTIFICATE-----
MIIFFjCCA/6gAwIBAgISAZS6hFQM4vi2Z4RXz61Xn1rRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg1ZWIzM2ZkMTdkMjMyZmJlNmIyYWRiNjZjYjBhZmUwZGVl
OTAzYjAwHhcNMjUwMTMxMDQwMDIxWhcNMjUwMjAxMDQwMDIxWjAzMTEwLwYDVQQD
EygxYWE0ODdlYTc4MTJlNTg3YThlNDk3NWJhMDlmOTJjOWQ0NDJlMTE0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtIHvGw3wh0HGHDPleuTXGr09abw/
VbNZlTc1KIkejdJ7/vO2N4zP/HCOT4bCzXDuXqsAHG06Mu8ejYeD+Mbm0FI4NhD/
A1UURyxSNtD3iy+dsrw3Kkwyslc8MIcHAqArmXe8xZLhLUFH5iznlRT47hotXSZa
FF3mJ9STlVRUekm3b4uBskMnW4XYyaAb4K2yBv1QDzz0eFXoy2w4pLsuRY8LDZKX
jntMTnIdOVWsIsfPaLc4WfRPua0aiEczYcvOzTeHmStT7Sk2QztEiE+4EEW2BZoP
TfiGKowI4k0LNaToCkTLgYvm73D6vnaN4y0G8ez8SRLZahkbBn0ER5gmzwIDAQAB
o4ICIjCCAh4wHQYDVR0OBBYEFBqkh+p4EuWHqOSXW6CfksnUQuEUMB8GA1UdIwQY
MBaAFIXrM/0X0jL75rKttmywr+De6QOwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaGVzel9SZlNNdnZtc3EyMmJMQ3Y0TjdwQTdBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85YS9jZTgyNGYtNzNjOS00ODVlLThlZGMt
OGEzOGVhMmIxZjU0LzEvaGVzel9SZlNNdnZtc3EyMmJMQ3Y0TjdwQTdBLm1mdDCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85YS9jZTgyNGYtNzNjOS00ODVlLThlZGMtOGEzOGVhMmIxZjU0
LzEvaGVzel9SZlNNdnZtc3EyMmJMQ3Y0TjdwQTdBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAGBAIAAQUAMAYEAgACBQAw
FQYIKwYBBQUHAQgBAf8EBjAEoAIFADANBgkqhkiG9w0BAQsFAAOCAQEADUPAcwDC
2SZ71JZedpd5M9bGgxbECSOWO/UoVoGCjKtSBTStWD/XpSxscy29NmSIgbL4JZVl
xaONjBTcoPtiF0Nh07MXsyfJZ1VKJOAF7YTMStzDRp/sh+13MUOD7RnQvnRzcGoE
lFhU/Uc/Gs6DJ+OEiMkv3YtDmjEHSa+qCzcbC27o+mjc+PN0k9NZIp3RNsiVWnBx
nMgrJVDUsFgpXSzg2EfDigzsp1rYaryNf6E2TqUd49/ifONVV6U7qJkIPyFBZtX0
Qs1TphgJ/JJbyPE3Iadg1oiF0S24iWi1UXRywFoeDcwueQLxCUAQeRAKMdSHOW5U
tWcaUDB8MahCUA==
-----END CERTIFICATE-----